CVE-2010-3793

Name of the Vulnerable Software and Affected Versions Apple Mac OS X versions 10.6.x through 10.6.4 QuickTime versions prior to 10.6.5

Description The issue is caused by an array-indexing error when parsing Sorenson Video 3 content, which can lead to memory corruption during decompression via a specially crafted file. This can be exploited to execute arbitrary code or cause a denial of service, resulting in a memory corruption and application crash.

Recommendations For Apple Mac OS X versions 10.6.x through 10.6.4, update to version 10.6.5 or later to resolve the issue. For other affected versions of QuickTime, update to a version that includes the fix for the Sorenson Video Codec decoding issue. As a temporary workaround, consider avoiding the use of Sorenson Video 3 content in QuickTime until a patch is available.